<?php

require_once( '../../libs/smarty.inc' );
require_once( '../../libs/smt_variables.php' );
require_once( '../../libs/Class_DB.php' );
require_once( '../../libs/Class_ERROR.php' );
require_once( '../../libs/login.inc.php' );

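// Authorization gate: only a logged-in admin whose AUTH_CD list contains the
// "N" code may use this page; everyone else gets an empty response.
// The strict in_array() matters: under PHP's loose comparison "N" == 0 is true
// (PHP < 8), so an AUTH_CD array that ever carried the integer 0 would have
// passed the original check for everybody. Fail closed when the session holds
// no usable array at all (the original also exited in that case, with a warning).
$auth_codes = isset($_SESSION['ADMIN_LOGIN']['AUTH_CD']) ? $_SESSION['ADMIN_LOGIN']['AUTH_CD'] : null;
if (!is_array($auth_codes) || !in_array("N", $auth_codes, true)) exit;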

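// ---------------------------------------------------------------------------
// SQL helpers. This page talks to MySQL through Class_DB, whose results are
// read with mysql_fetch_array() (ext/mysql). Previously every form value was
// interpolated into the query strings verbatim — a plain SQL-injection hole,
// admin-only page or not — and only the serialize()d columns went through
// addslashes(). All quoting now happens in one place, k_order_sql_str().
// ---------------------------------------------------------------------------

/**
 * Read one posted form field, or NULL when it was not sent (no E_NOTICE).
 */
function k_order_post($key)
{
    return isset($_POST[$key]) ? $_POST[$key] : null;
}

/**
 * Quote $value as a MySQL string literal, escaped for the connection charset.
 *
 * mysql_real_escape_string() without an explicit link uses the last ext/mysql
 * link opened. Every call site below runs after `new Class_DB`, which is
 * assumed to open that link (it is the one mysql_fetch_array() consumes) —
 * TODO confirm in Class_DB and pass its link explicitly. With no link PHP
 * emits E_WARNING and returns false; we then fall back to addslashes() rather
 * than silently storing an empty string. That fallback is charset-unaware and
 * is the weaker option; the warning in the log is the signal to fix the link.
 * Array values (e.g. `name[]=x`) are treated as empty — form fields are scalars.
 */
function k_order_sql_str($value)
{
    $value = is_array($value) ? '' : (string) $value;
    $escaped = mysql_real_escape_string($value);
    if ($escaped === false) {
        $escaped = addslashes($value);
    }
    return "'" . $escaped . "'";
}

/**
 * Quote an optional date field: SQL NULL for an empty value, else a string
 * literal. Mirrors the original `if ($x == '') NULL else '$x'` branches.
 */
function k_order_sql_date($value)
{
    if ($value === null || $value === '') {
        return 'NULL';
    }
    return k_order_sql_str($value);
}

/**
 * DB date value -> "Y/m/d" for the form, or "" when the column is NULL/empty.
 */
function k_order_form_date($value)
{
    if ($value === null || $value === '') {
        return '';
    }
    return date('Y/m/d', strtotime($value));
}

/**
 * Allocate the next order_id for today: date('Ymd') followed by a 3-digit,
 * zero-padded sequence (001, 002, ...). Finds the highest id carrying today's
 * date and adds one — the same lookup the three former copies of this code did.
 *
 * NOTE(review): SELECT-then-INSERT is not atomic, so two admins submitting at
 * the same moment can receive the same id (the original had the same race).
 * A UNIQUE index on order_id would at least turn that into a failed insert.
 */
function k_order_next_id($db)
{
    $dateno = date('Ymd');
    $result = $db->query(
        "SELECT order_id FROM k_order_head WHERE order_id like '%" . $dateno . "%' order by order_id desc limit 0,1"
    );
    $row = mysql_fetch_array($result);
    if (empty($row['order_id'])) {
        return $dateno . '001';
    }
    // Last three characters are the sequence; sprintf pads 1..999 like the old
    // strlen()-based branches did and leaves 1000+ unpadded, also as before.
    $seq = substr($row['order_id'], strlen($row['order_id']) - 3) + 1;
    return $dateno . sprintf('%03d', $seq);
}

// ---------------------------------------------------------------------------
// Request handling.
//   POST mod=input  -> insert a new order, id allocated here, dates = today
//   POST mod=copy   -> insert a new order, keeping the posted m/u/o dates
//   POST (other)    -> update the order named by the posted order_id
//   GET  mod=copy   -> prefill the form from an existing order under a new id
//   GET  order_id=  -> prefill the form with an existing order
// ---------------------------------------------------------------------------
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // NOTE(review): nothing in this file checks a CSRF token. Unless
    // login.inc.php or the form itself does, a logged-in admin's browser can
    // be made to submit this form from a third-party page. Confirm and add one.
    $err = new Class_ERROR;
    $err_mes = array();

    $mod = k_order_post('mod');

    // Scalar form fields. Kept raw here; quoting happens once, at SQL build time.
    $category = k_order_post('category');
    $comtype = k_order_post('comtype');
    $name = k_order_post('name');
    $kana = k_order_post('kana');
    $email = k_order_post('email');
    $phone = k_order_post('phone');
    $fax = k_order_post('fax');
    $zip = k_order_post('zip');
    $address = k_order_post('address');
    $pofuse_info = k_order_post('pofuse_info');
    $delivery_date = k_order_post('delivery_date');
    $delivery_zip = k_order_post('delivery_zip');
    $delivery_address = k_order_post('delivery_address');
    $delivery_phone = k_order_post('delivery_phone');
    $delivery_contact = k_order_post('delivery_contact');
    $delivery_contact_info = k_order_post('delivery_contact_info');
    $hope_date = k_order_post('hope_date');
    $print_use3 = k_order_post('print_use3');
    $print_use4 = k_order_post('print_use4');
    $pay_type = k_order_post('pay_type');
    $special = k_order_post('special');
    $remark = k_order_post('remark');

    // Multi-choice groups are stored as serialize()d PHP arrays; the GET branch
    // below unserialize()s them back into individual form fields, so the index
    // positions (0..3 -> pofuse1..4, etc.) are part of the storage format.
    $pofuse = serialize(array(
        k_order_post('pofuse1'), k_order_post('pofuse2'),
        k_order_post('pofuse3'), k_order_post('pofuse4'),
    ));
    $print_use = serialize(array(k_order_post('print_use'), $print_use3, $print_use4));
    $wherefrom = serialize(array(
        k_order_post('wherefrom1'), k_order_post('wherefrom2'),
        k_order_post('wherefrom3'), k_order_post('wherefrom4'),
    ));
    $wherefrom_info = serialize(array(
        k_order_post('wherefrom_info_1'), k_order_post('wherefrom_info_2'),
    ));

    // staff_id comes from the login session, not the form. It was written
    // unquoted into a numeric column, so it is cast to int here (an empty or
    // non-numeric value turned the original statement into a syntax error).
    $staff_id = (int) $_SESSION['ADMIN_LOGIN']['STAFF_ID'];

    // Required fields first, then format checks on the optional ones when filled.
    $err_mes['category'] = $err->check($category, array("EXIST"));
    $err_mes['comtype'] = $err->check($comtype, array("EXIST"));
    $err_mes['name'] = $err->check($name, array("EXIST"));
    $err_mes['phone'] = $err->check($phone, array("EXIST", "TEL"));
    $err_mes['pay_type'] = $err->check($pay_type, array("EXIST"));

    if (trim($kana) != '') {
        $err_mes['kana'] = $err->check($kana, array("KATAKANA"));
    }
    if (trim($email) != '') {
        $err_mes['email'] = $err->check($email, array("EMAIL"));
    }
    if (trim($fax) != '') {
        $err_mes['fax'] = $err->check($fax, array("TEL"));
    }
    if (trim($zip) != '') {
        $err_mes['zip'] = $err->check($zip, array("ZIP"));
    }
    if (trim($delivery_date) != '') {
        $err_mes['delivery_date'] = $err->check($delivery_date, array("YMD"));
    }
    if (trim($delivery_zip) != '') {
        $err_mes['delivery_zip'] = $err->check($delivery_zip, array("ZIP"));
    }
    if (trim($delivery_phone) != '') {
        $err_mes['delivery_phone'] = $err->check($delivery_phone, array("TEL"));
    }
    if (trim($hope_date) != '') {
        $err_mes['hope_date'] = $err->check($hope_date, array("YMD"));
    }
    if (trim($print_use3) != '' || trim($print_use4) != '') {
        // print_use3 is the year and print_use4 the month; the day is fixed at 1.
        if (!checkdate((int) $print_use4, 1, (int) $print_use3)) {
            $err_mes['print_use3'] = "正しく入力してください";
        }
    }

    if ($mod == 'input' || $mod == 'copy') {
        // Both create a new row. 'copy' keeps the posted m/u/o dates (hidden
        // fields carried over from the source order) where 'input' stamps today.
        if ($err->clear) {
            $db = new Class_DB;
            $order_id = k_order_next_id($db);
            $today = date("Y/m/d");
            if ($mod == 'copy') {
                // NOTE(review): these three are not run through the YMD check.
                // They are quoted, so no longer injectable, but malformed input
                // still lands in the date columns exactly as before.
                $m_date = k_order_post('m_date');
                $u_date = k_order_post('u_date');
                $o_date = k_order_post('o_date');
            } else {
                $m_date = $u_date = $o_date = $today;
            }

            // column => ready-to-use SQL literal. Columns the original left
            // unquoted (category, comtype, the status flags, staff_id) get an
            // int cast; everything else is a quoted, escaped string. order_id
            // is generated server-side and is quoted for uniformity — MySQL
            // converts a numeric string literal for a numeric column.
            $values = array(
                'order_id'              => k_order_sql_str($order_id),
                'category'              => (int) $category,
                'comtype'               => (int) $comtype,
                'name'                  => k_order_sql_str($name),
                'kana'                  => k_order_sql_str($kana),
                'email'                 => k_order_sql_str($email),
                'phone'                 => k_order_sql_str($phone),
                'fax'                   => k_order_sql_str($fax),
                'zip'                   => k_order_sql_str($zip),
                'pofuse'                => k_order_sql_str($pofuse),
                'pofuse_info'           => k_order_sql_str($pofuse_info),
                'delivery_date'         => k_order_sql_date($delivery_date),
                'delivery_zip'          => k_order_sql_str($delivery_zip),
                'delivery_address'      => k_order_sql_str($delivery_address),
                'delivery_phone'        => k_order_sql_str($delivery_phone),
                'delivery_contact'      => k_order_sql_str($delivery_contact),
                'delivery_contact_info' => k_order_sql_str($delivery_contact_info),
                'hope_date'             => k_order_sql_date($hope_date),
                'print_use'             => k_order_sql_str($print_use),
                'wherefrom'             => k_order_sql_str($wherefrom),
                'wherefrom_info'        => k_order_sql_str($wherefrom_info),
                'pay_type'              => k_order_sql_str($pay_type),
                'special'               => k_order_sql_str($special),
                'remark'                => k_order_sql_str($remark),
                'm_date'                => k_order_sql_str($m_date),
                'u_date'                => k_order_sql_str($u_date),
                'o_date'                => k_order_sql_str($o_date),
                'o_status'              => 0,
                'm_status'              => 0,
                'delivery_order'        => 0,
                'email_status'          => 0,
                'sale_status'           => 0,
                'staff_id'              => $staff_id,
                'address'               => k_order_sql_str($address),
            );
            $sql = 'INSERT INTO k_order_head (' . implode(',', array_keys($values)) . ')'
                . ' VALUES (' . implode(',', $values) . ')';
            $db->query($sql);
            $smarty->assign('phase', 'complete');
        } else {
            // NOTE(review): raw $_POST is handed back to the template; output
            // escaping has to happen in order.html, which is not visible here.
            $smarty->assign('err', $err_mes);
            $smarty->assign('forms', $_POST);
        }
    } else {
        // Any other mod (the edit form) updates the row named by the posted id.
        if ($err->clear) {
            $db = new Class_DB;
            // column => SQL literal, same quoting policy as the INSERT above;
            // pay_type was unquoted in the original UPDATE, hence the int cast.
            $assignments = array(
                'category'              => (int) $category,
                'comtype'               => (int) $comtype,
                'name'                  => k_order_sql_str($name),
                'kana'                  => k_order_sql_str($kana),
                'email'                 => k_order_sql_str($email),
                'phone'                 => k_order_sql_str($phone),
                'fax'                   => k_order_sql_str($fax),
                'zip'                   => k_order_sql_str($zip),
                'pofuse'                => k_order_sql_str($pofuse),
                'pofuse_info'           => k_order_sql_str($pofuse_info),
                'delivery_date'         => k_order_sql_date($delivery_date),
                'delivery_zip'          => k_order_sql_str($delivery_zip),
                'delivery_address'      => k_order_sql_str($delivery_address),
                'delivery_phone'        => k_order_sql_str($delivery_phone),
                'delivery_contact'      => k_order_sql_str($delivery_contact),
                'delivery_contact_info' => k_order_sql_str($delivery_contact_info),
                'hope_date'             => k_order_sql_date($hope_date),
                'print_use'             => k_order_sql_str($print_use),
                'wherefrom'             => k_order_sql_str($wherefrom),
                'wherefrom_info'        => k_order_sql_str($wherefrom_info),
                'pay_type'              => (int) $pay_type,
                'special'               => k_order_sql_str($special),
                'remark'                => k_order_sql_str($remark),
                'u_date'                => k_order_sql_str(date("Y/m/d")),
                'o_status'              => (int) k_order_post('o_status'),
                'm_status'              => (int) k_order_post('m_status'),
                'staff_id'              => $staff_id,
                'address'               => k_order_sql_str($address),
            );
            $set = array();
            foreach ($assignments as $column => $literal) {
                $set[] = $column . '=' . $literal;
            }
            $sql = 'UPDATE k_order_head SET ' . implode(',', $set)
                . ' WHERE order_id=' . k_order_sql_str(k_order_post('order_id'));
            $db->query($sql);
            $smarty->assign('phase', 'completeupdate');
            $smarty->assign('forms', $_POST);
            $smarty->assign('cnt', 1);
        } else {
            $smarty->assign('err', $err_mes);
            $smarty->assign('forms', $_POST);
            $smarty->assign('cnt', 1);
        }
    }

} else {
    $mod = isset($_GET['mod']) ? $_GET['mod'] : null;
    $db = new Class_DB;
    if ("copy" == $mod) {
        // Prefill the form from an existing order under a freshly allocated id;
        // the new row is only inserted when the form is POSTed back with mod=copy.
        $today = date("Y/m/d");
        $order_id = k_order_next_id($db);
        $oid = isset($_GET['order_id']) ? $_GET['order_id'] : null;

        // The original also selected the new id as a string literal in column
        // position 0; that column was unused (order_id is assigned explicitly
        // below), so only the real columns are fetched here.
        $sql = 'select category,comtype,name,kana,email,phone,fax,zip,pofuse,pofuse_info,delivery_date,'
            . 'delivery_zip,delivery_address,delivery_phone,delivery_contact,delivery_contact_info,hope_date,print_use,'
            . 'wherefrom,wherefrom_info,pay_type,special,remark,m_date,u_date,o_date,o_status,m_status,delivery_order,'
            . 'email_status,sale_status,staff_id,address from k_order_head where order_id=' . k_order_sql_str($oid);
        $result = $db->query($sql);
        $row = mysql_fetch_array($result);

        $row['order_id'] = $order_id;
        $row['m_date'] = $today;
        $row['u_date'] = $today;
        $row['o_date'] = $today;
        $row['delivery_date'] = k_order_form_date($row['delivery_date']);
        $row['hope_date'] = k_order_form_date($row['hope_date']);

        $smarty->assign('mod', 'copy');
        $smarty->assign('forms', $row);
        $smarty->assign('cnt', 1);
    } else {
        $order_id = isset($_GET['order_id']) ? $_GET['order_id'] : null;
        if ($order_id != null) {
            $sql = 'SELECT * FROM k_order_head WHERE order_id = ' . k_order_sql_str($order_id);
            $result = $db->query($sql);
            $row = mysql_fetch_array($result);

            // The three multi-choice columns hold serialize()d arrays written by
            // the POST branch. unserialize() will instantiate any class named in
            // the payload, so this is only as safe as write access to those
            // columns — which, as far as this file shows, is this admin page.
            // Do not widen who can write them without moving the storage format
            // to json_encode()/json_decode().
            //
            // Each checkbox is stored as its own number (1..4) at its own index;
            // the form field gets that number back when set, 0 otherwise.
            $pofusearray = unserialize($row['pofuse']);
            $row['pofuse1'] = ($pofusearray[0] == 1) ? 1 : 0;
            $row['pofuse2'] = ($pofusearray[1] == 2) ? 2 : 0;
            $row['pofuse3'] = ($pofusearray[2] == 3) ? 3 : 0;
            $row['pofuse4'] = ($pofusearray[3] == 4) ? 4 : 0;
            // The free-text detail is only shown when option 4 is set.
            $row['pofuse_info'] = ($row['pofuse4'] == 4) ? $row['pofuse_info'] : '';

            // print_use: index 0 is the radio value (1 or 2), 1 and 2 are the
            // year/month text fields (0 when empty).
            $printusearray = unserialize($row['print_use']);
            $printuse = 0;
            if ($printusearray[0] == 1) $printuse = 1;
            if ($printusearray[0] == 2) $printuse = 2;
            $row['print_use'] = $printuse;
            $row['print_use3'] = ($printusearray[1] != '') ? $printusearray[1] : 0;
            $row['print_use4'] = ($printusearray[2] != '') ? $printusearray[2] : 0;

            // wherefrom: same checkbox scheme; free-text details exist only for
            // options 3 and 4 and live in the separate wherefrom_info array.
            $wherefromarray = unserialize($row['wherefrom']);
            $wherefrominfoarray = unserialize($row['wherefrom_info']);
            $row['wherefrom1'] = ($wherefromarray[0] == 1) ? 1 : 0;
            $row['wherefrom2'] = ($wherefromarray[1] == 2) ? 2 : 0;
            $row['wherefrom3'] = ($wherefromarray[2] == 3) ? 3 : 0;
            $row['wherefrom4'] = ($wherefromarray[3] == 4) ? 4 : 0;
            $row['wherefrom_info_1'] = ($row['wherefrom3'] == 3) ? $wherefrominfoarray[0] : "";
            $row['wherefrom_info_2'] = ($row['wherefrom4'] == 4) ? $wherefrominfoarray[1] : "";

            // The three audit dates are reformatted unconditionally, as before;
            // the two optional dates may be NULL and become "".
            $row['m_date'] = date('Y/m/d', strtotime($row['m_date']));
            $row['u_date'] = date('Y/m/d', strtotime($row['u_date']));
            $row['o_date'] = date('Y/m/d', strtotime($row['o_date']));
            $row['delivery_date'] = k_order_form_date($row['delivery_date']);
            $row['hope_date'] = k_order_form_date($row['hope_date']);

            $smarty->assign('forms', $row);
            $smarty->assign('cnt', 1);
        }
    }

}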

// Shared admin menu fragment, then the page itself. The menu path is built
// from DOCUMENT_ROOT and a fixed template name only — no request data — so
// there is no traversal surface here; a missing file makes file_get_contents()
// return false (with a PHP warning), which is passed through unchanged.
$menuPath = $_SERVER['DOCUMENT_ROOT'] . '/templates/web-admin/menu.html';
$smarty->assign('menu_html', file_get_contents($menuPath));

$smarty->display('web-admin/order.html');


?>